Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Pythonectfor Security Professionals
Itzik Kotler
Pythonect● Pythonect is a portmanteau of the words Python and Connect● New, experimental, general-purpose dataflow programming
language based on Python● Current “stable“ version (True to Feb 12 2013): 0.4.1● Made available under 'Modified BSD License'● Influenced by: Unix Shell Scripting, Python, Perl● Cross-platform (should run on any Python supported platform)● Website: http://www.pythonect.org/
http://www.pythonect.org/
A few words on the Development● Written purely in Python (2.7)
– Works on CPython 2.x, and Jython 2.7 implementations● Tests written in PyUnit● Hosted on GitHub● Commits tested by Travis CI
Installing and Using The Pythonect Interpreter● Install directly from PyPI using easy_install or pip:
– easy_install PythonectOR
– pip install Pythonect● Clone the git repository:
– git clone git://github.com/ikotler/pythonect.git– cd pythonect– python setup.py install
The Pythonect Interpreter● Written and integrated with the Python environment:% pythonectPythonect 0.4.1>>>
Dataflow Programming● Programming paradigm that treats data as something that
originates from a source, flows through a number of components and arrives at some final destination
● Most suitable when developing applications that are themselves focused on the "flow" of data.
Dataflow Example● A video signal processor which perhaps starts with a video
input, modifies it through a number of processing components (video filters), and finally outputs it to a video display.
LocalFile
Reader
ScreenOutputDisplay
VideoB&W
FrameProcressor
Dataflow Example● Let's say we want to change our feed from a local file to a
remote file on a Website? No problem!
URLDownloader
ScreenOutputDisplay
VideoB&W
FrameProcressor
Dataflow Example● Let's say we want to write the Video B&W Frame Processor
output to both a screen and a local file? No problem!
URLDownloader
LocalFile
WriterVideoB&W
FrameProcressor Screen
OutputDisplay
Dataflow Programming Advantages● Promotes some good programming practices● Makes development and maintenance very intuitive● Programs can be divided between threads, processors, or
computers more easily
'Hello, world' -> print
String Function
"Hello, world" -> [print, print]
String
Function
Function
["Hello, world", "Hello, world"] -> print
Function
String
String
range(99, 0, -1) \ | [ _ % 2 == 0 ] \ -> str \ -> _ + " bottle(s) of beer on the wall," \ -> print \ -> _.split(' on')[0] + '.' \ -> print \ -> print("Take one down, pass it around,")
Integer Filter ExpressionFunction Function FunctionFunction Function
raw_input() -> _.encode('rot13') -> print
Function Function
ROT13 Encrypt & Decrypt
Function
'ftp.gnu.org' -> ftplib.FTP -> _.login() -> print("Allow anonymous")
String Class
Check if FTP server supports Anonymous Login
Function Function
sys.argv[1] \ -> [str(_ + '/' + x) for x in open(sys.argv[2],'r').read().split('\n')] \ -> [(_, urllib.urlopen(_))] \ -> _[1].getcode() != 404 \ -> print "%s returns %s" % (_[0], _[1], _[1].getcode())
String Nested Loop
(Multi-thread) HTTP Directory Brute-force
...
Function Filter Function
['%s', '%n', 'A', 'a', '0', '!', '$', '%', '*', '+', ',', '-', '.', '/', ':'] \ | [_ * n for n in [256, 512, 1024, 2048, 4096]] \ | os.system('/bin/ping ' + _)
Array Nested Loop
Command line Fuzzer
Function
open('dana.jpg', 'r').read() \ -> itertools.permutations \ -> open('output_' + hex(_.__hash__()) + '.jpg', 'w').write(''.join(_))
String Function
(Multi-thread) Generic File format Fuzzer
...
Function
"MALWARE.EXE" -> [os.system("/usr/bin/md5sum " + _), os.system("/usr/bin/sha1sum " + _)]
String
Compute MALWARE.EXE's MD5 & SHA1
Function
Function
Compute MALWARE.EXE's Entropy● Entropy.py:
import math
def entropy(data):
entropy = 0
if data:
for x in range(2**8):
p_x = float(data.count(chr(x))) / len(data)
if p_x > 0:
entropy += - p_x * math.log(p_x, 2)
return entropy
● Pythonect:"MALWARE.EXE" \
-> open(_, 'r').read() \
-> entropy.entropy \
References / More Examples● My Blog
– Scraping LinkedIn Public Profiles for Fun and Profit– Fuzzing Like A Boss with Pythonect– Automated Static Malware Analysis with Pythonect
● LightBulbOne (Blog)– Fuzzy iOS Messages!
http://blog.ikotler.org/http://blog.ikotler.org/2012/12/scraping-linkedin-public-profiles-for.htmlhttp://blog.ikotler.org/2012/09/fuzzing-like-boss-with-pythonect.htmlhttp://blog.ikotler.org/2012/08/automated-static-malware-analysis-with.htmlhttp://lightbulbone.com/http://lightbulbone.com/post/33937338035/fuzzy-ios-messages
Pythonect Roadmap● Support Python 3k● Support Stackless Python● Support IronPython● Support GPU Programming● Fix bugs and etc.
Questions?
Thanks!
Website: http://www.pythonect.orgMailing list: [email protected]
http://www.pythonect.org/mailto:[email protected]
Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19Slide 20Slide 21Slide 22Slide 23Slide 24Slide 25Slide 26Slide 27